ExternalMirrors
/
firewalld-formula
kopia lustrzana https://github.com/saltstack-formulas/firewalld-formula
Obserwuj 1
Polub 0
Forkuj 1
Kod Zgłoszenia 0 Wydania 14 Wiki Aktywność
Saltstack Official FirewallD Formula
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
246 Commity
1 Gałąź
Drzewo: d542d63c40
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'd542d63c40'
${ noResults }
firewalld-formula/firewalld/files/policy.xml

180 lines
6.8KB
Czysty Wina Historia 

  1. <?xml version="1.0" encoding="utf-8"?>

  2. <!--

  3.   This file is managed/generated by salt.

  4.   Do not edit this file manually, it will be overwritten!

  5.   Modify the salt pillar for firewalld instead

  6. -->

  7. {%- macro rich_rule(rule) %}

  8.   <rule{% if 'family' in rule %} family="{{ rule.family }}"{% endif %}{% if 'priority' in rule %} priority="{{ rule.priority }}"{% endif %}>

  9.   {%- if 'ipset' in rule %}

  10.     <source ipset="{{ rule.ipset.name }}" />

  11.   {%- endif %}

  12.   {%- if 'source' in rule %}

  13.     <source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %} invert="{{ rule.source.invert }}"{%- endif %} />

  14.   {%- endif %}

  15.   {%- if 'destination' in rule %}

  16.     <destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %} invert="{{ rule.destination.invert }}"{%- endif %} />

  17.   {%- endif %}

  18.   {%- if 'service' in rule %}

  19.     <service name="{{ rule.service }}" />

  20.   {%- endif %}

  21.   {%- if 'port' in rule %}

  22.     <port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}" />

  23.   {%- endif %}

  24.   {%- if 'protocol' in rule %}

  25.     <protocol value="{{ rule.protocol }}" />

  26.   {%- endif %}

  27.   {%- if 'icmp_block' in rule %}

  28.     <icmp-block name="{{ rule.icmp_block }}" />

  29.   {%- endif %}

  30.   {%- if 'icmp_type' in rule %}

  31.     <icmp-type name="{{ rule.icmp_type }}" />

  32.   {%- endif %}

  33.   {%- if 'masquerade' in rule %}

  34.     {%- if rule.masquerade %}<masquerade/>{%- endif %}

  35.   {%- endif %}

  36.   {%- if 'forward_port' in rule %}

  37.     {%- if 'comment' in rule.forward_port %}

  38.       <!-- {{ rule.forward_port.comment }} -->

  39.     {%- endif %}

  40.     <forward-port port="{{ rule.forward_port.portid }}" protocol="{{ rule.forward_port.protocol }}"{%- if 'to_port' in rule.forward_port %} to-port="{{ rule.forward_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.forward_port %} to-addr="{{ rule.forward_port.to_addr }}"{%- endif %} />

  41.   {%- endif %}

  42.   {%- if 'source_port' in rule %}

  43.     {%- if 'comment' in rule.source_port %}

  44.       <!-- {{ rule.source_port.comment }} -->

  45.     {%- endif %}

  46.     <source-port port="{{ rule.source_port.portid }}" protocol="{{ rule.source_port.protocol }}"{%- if 'to_port' in rule.source_port %} to-port="{{ rule.source_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.source_port %} to-addr="{{ rule.source_port.to_addr }}"{%- endif %} />

  47.   {%- endif %}

  48.   {%- if 'log' in rule %}

  49.     <log{%- if 'prefix' in rule.log %} prefix="{{ rule.log.prefix }}"{%- endif %}{%- if 'level' in rule.log %} level="{{ rule.log.level }}"{%- endif %}>

  50.     {%- if 'limit' in rule.log %}

  51.       <limit value="{{ rule.log.limit }}"/>

  52.     {%- endif %}

  53.     </log>

  54.   {%- endif %}

  55.   {%- if 'audit' in rule %}

  56.     <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit>

  57.   {%- endif %}

  58.   {%- if 'accept' in rule %}

  59.     <accept>{%- if rule.accept is mapping and 'limit' in rule.accept %} <limit value="{{ rule.accept.limit }}"/>{%- endif %}</accept>

  60.   {%- endif %}

  61.   {%- if 'reject' in rule %}

  62.     <reject{%- if rule.reject is mapping and 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %} />

  63.   {%- endif %}

  64.   {%- if 'drop' in rule %}

  65.     <drop/>

  66.   {%- endif %}

  67.   </rule>

  68. {%- endmacro %}

  69. <policy{%- if 'target' in policy %} target="{{ policy.target }}"{%- endif %}{%- if 'priority' in policy %} priority="{{ policy.priority }}"{%- endif %}>

  70.   {% if 'short' in policy %}<short>{{ policy.short }}</short>{% else %}<short>{{ name }}</short>{% endif %}

  71.   {% if 'description' in policy %}<description>{{ policy.description }}</description>{% endif %}

  72.   {% if 'ingress_zone' in policy %}<ingress-zone name="{{ policy.ingress_zone }}" />{% endif %}

  73.   {% if 'egress_zone' in policy %}<egress-zone name="{{ policy.egress_zone }}" />{% endif %}

  74.   

  75. {%- if 'sources' in policy %}

  76.   {%- for v in policy.sources %}

  77.     {%- if 'comment' in v %}

  78.   <!-- {{ v.comment }} -->

  79.   <source address="{{ v.source }}" />

  80.     {%- else %}

  81.   <source address="{{ v }}" />

  82.     {%- endif %}

  83.   {%- endfor %}

  84. {%- endif %}

  85. {%- if 'ipsets' in policy %}

  86.   {%- for v in policy.ipsets %}

  87.     {%- if 'comment' in v %}

  88.   <!-- {{ v.comment }} -->

  89.   <source ipset="{{ v.ipset }}" />

  90.     {%- else %}

  91.   <source ipset="{{ v }}" />

  92.     {%- endif %}

  93.   {%- endfor %}

  94. {%- endif %}

  95. {%- for k,val in policy.items() %}

  96.   {%- if k.endswith("services") %}

  97.     {%- for v in val %}

  98.   <service name="{{ v }}" />

  99.     {%- endfor %}

  100.   {%- endif %}

  101. {%- endfor %}

  102. {%- if 'ports' in policy %}

  103.   {%- for v in policy.ports %}

  104.     {%- if 'comment' in v %}

  105.   <!-- {{ v.comment }} -->

  106.     {%- endif %}

  107.   <port port="{{ v.port }}" protocol="{{ v.protocol }}" />

  108.   {%- endfor %}

  109. {%- endif %}

  110. {%- if 'protocols' in policy %}

  111.   {%- for v in policy.protocols %}

  112.   <protocol value="{{ v }}" />

  113.   {%- endfor %}

  114. {%- endif %}

  115. {%- if 'icmp_blocks' in policy %}

  116.   {%- for v in policy.icmp_blocks %}

  117.   <icmp-block name="{{ v }}" />

  118.   {%- endfor %}

  119. {%- endif %}

  120. {%- if 'icmp_block_inversion' in policy and policy.icmp_block_inversion %}

  121.   <icmp-block-inversion />

  122. {%- endif %}

  123. {%- if 'masquerade' in policy %}

  124.   {%- if policy.masquerade %}

  125.   <masquerade/>

  126.   {%- endif %}

  127. {%- endif %}

  128. {%- if 'forward_ports' in policy %}

  129.   {%- for v in policy.forward_ports %}

  130.     {%- if 'comment' in v %}

  131.   <!-- {{ v.comment }} -->

  132.     {%- endif %}

  133.   <forward-port port="{{ v.portid }}" protocol="{{ v.protocol }}"{%- if 'to_port' in v %} to-port="{{ v.to_port }}"{%- endif %}{%- if 'to_addr' in v %} to-addr="{{ v.to_addr }}"{%- endif %} />

  134.   {%- endfor %}

  135. {%- endif %}

  136. {%- if 'source_ports' in policy %}

  137.   {%- for v in policy.source_ports %}

  138.     {%- if 'comment' in v %}

  139.   <!-- {{ v.comment }} -->

  140.     {%- endif %}

  141.   <source-port port="{{ v.port }}" protocol="{{ v.protocol }}" />

  142.   {%- endfor %}

  143. {%- endif %}

  144. {%- if 'rich_rules' in policy %}

  145.   {%- if policy.rich_rules is list %}

  146.     {%- set rich_rules = policy.rich_rules %}

  147.   {%- else %}

  148.     {%- set expanded_ipset_rules = [] %}

  149.     {%- for name,rule in policy.rich_rules|dictsort %}

  150.       {%- if 'ipsets' in rule %}

  151.         {%- for ipset in rule.ipsets %}

  152.           {%- set tmp_rule = {} %}

  153.           {%- set _dummy = tmp_rule.update(rule) %}

  154.           {%- set _dummy = tmp_rule.update({'ipset':{'name':ipset}}) %}

  155.           {%- set _dummy = expanded_ipset_rules.append(tmp_rule) %}

  156.         {%- endfor %}

  157.       {%- else %}

  158.         {%- set _dummy = expanded_ipset_rules.append(rule) %}

  159.       {%- endif %}

  160.     {%- endfor %}

  161.     {%- set rich_rules = [] %}

  162.     {%- for rule in expanded_ipset_rules %}

  163.       {%- if 'services' in rule %}

  164.         {%- for service in rule.services %}

  165.           {%- set tmp_rule = {} %}

  166.           {%- set _dummy = tmp_rule.update(rule) %}

  167.           {%- set _dummy = tmp_rule.update({'service':service}) %}

  168.           {%- set _dummy = rich_rules.append(tmp_rule) %}

  169.         {%- endfor %}

  170.       {%- else %}

  171.         {%- set _dummy = rich_rules.append(rule) %}

  172.       {%- endif %}

  173.     {%- endfor %}

  174.   {%- endif %}

  175.   {%- for rule in rich_rules %}

  176. {{- rich_rule(rule) }}

  177.   {%- endfor %}

  178. {%- endif %}

  179. </policy>